CompTIA PenTest+ Certification Exam v1.0 (PT0-001)

Page:    1 / 9   
Total 128 questions

Which of the following excerpts would come from a corporate policy?

  • A. Employee passwords must contain a minimum of eight characters, with one being alphanumeric.
  • B. The help desk can be reached at 800-passwd1 to perform password resets.
  • C. Employees must use strong passwords for accessing corporate assets.
  • D. The corporate systems must store passwords using the MD5 hashing algorithm.


Answer : C

A policy states the high-level requirement ("employees must use strong passwords"); the minimum length in A and the hashing algorithm in D are standards, and the help-desk number in B belongs in a procedure.

In which of the following scenarios would a tester perform a Kerberoasting attack?

  • A. The tester has compromised a Windows device and dumps the LSA secrets.
  • B. The tester needs to retrieve the SAM database and crack the password hashes.
  • C. The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.
  • D. The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.


Answer : C

While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?

  • A. HKEY_CLASSES_ROOT
  • B. HKEY_LOCAL_MACHINE
  • C. HKEY_CURRENT_USER
  • D. HKEY_CURRENT_CONFIG


Answer : C

Reference:
https://www.redcanary.com/blog/windows-registry-attacks-threat-detection/

A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?

  • A. dsrm -users "DN=company.com; OU=hq CN=users"
  • B. dsuser -name -account -limit 3
  • C. dsquery user -inactive 3
  • D. dsquery -o -rdn -limit 21


Answer : C

dsquery user -inactive takes the number of weeks, so -inactive 3 lists accounts with no logon in the last 21 days; the syntax in D is not a valid dsquery invocation.

Which of the following properties of the penetration testing engagement agreement will have the LARGEST impact on observing and testing production systems at their highest loads?

  • A. Creating a scope of the critical production systems
  • B. Setting a schedule of testing access times
  • C. Establishing a white-box testing engagement
  • D. Having management sign off on intrusive testing


Answer : B

HOTSPOT -
Instructions:
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
Hot Area:




Answer :

In a physical penetration testing scenario, the penetration tester obtains physical access to a laptop. The laptop is logged in but locked. Which of the following is a potential NEXT step to extract credentials from the device?

  • A. Brute force the user’s password.
  • B. Perform an ARP spoofing attack.
  • C. Leverage the BeEF framework to capture credentials.
  • D. Conduct LLMNR/NETBIOS-ns poisoning.


Answer : D

A locked but logged-in Windows host still resolves names and authenticates to network resources, so a rogue USB network adapter running an LLMNR/NBT-NS poisoner can capture the logged-in user's NetNTLM response without touching the lock screen. Brute forcing the lock screen (A) is slow and triggers account lockout; B and C do not apply to a locked local device.

A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?

  • A. Nikto
  • B. WAR
  • C. W3AF
  • D. Swagger


Answer : D

Reference:
https://blog.securelayer7.net/api-penetration-testing-with-owasp-2017-test-cases/

DRAG DROP -
Instructions:
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
Select and Place:




Answer :
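The code segments for this drag-and-drop item are not reproduced on this page. As an added example (not the exam's script), the following Python TCP connect scanner uses only the standard library, which matters on a pivot host with a limited user interface and no Nmap available. `demo_scan()` opens a listener on 127.0.0.1 so the scanner can be exercised offline; the loopback target and the two-port list are constructed for this example.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def tcp_connect(host, port, timeout=0.5):
    """Return True if a full TCP handshake to host:port succeeds (connect scan).

    A refused connection raises ConnectionRefusedError (a closed port); a
    filtered port simply times out. Both are subclasses of OSError.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:
            return False


def scan_ports(host, ports, timeout=0.5, workers=32):
    """Connect-scan the given ports in parallel and return the open ones, sorted."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, tcp_connect(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)


def demo_scan():
    """Offline self-check (constructed for this example, not a real target).

    Binds a listener on an ephemeral loopback port, reserves and releases a second
    ephemeral port so it is known to be closed, then scans both.
    Returns (open_port, closed_port, ports_found_open).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]

    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # nothing listens here any more, so connects are refused

    try:
        found = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return open_port, closed_port, found


if __name__ == "__main__":
    opened, closed, found = demo_scan()
    print(f"listener on {opened}, closed port {closed}, scan found open: {found}")
```

Because a connect scan completes the three-way handshake, every probe reaches the target service and appears in its logs; a half-open (SYN) scan would avoid that but needs raw sockets and privileges a limited shell usually lacks. Filtered ports cost the full timeout each, so keep the timeout short and let the thread pool absorb the wait when sweeping a /24.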

If a security consultant comes across a password hash that resembles the following: b117525b345470c29ca3d8ac0b556ba8
Which of the following formats is the correct hash type?

  • A. Kerberos
  • B. NetNTLMv1
  • C. NTLM
  • D. SHA-1


Answer : C

The value is 32 hexadecimal characters (128 bits), the length of an NTLM hash (MD4 over the UTF-16LE password); SHA-1 produces 40 hexadecimal characters, and Kerberos and NetNTLMv1 material is not a bare digest.

During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful.
Which of the following would be the BEST target for continued exploitation efforts?

  • A. Operating system: Windows 7 Open ports: 23, 161
  • B. Operating system: Windows Server 2016 Open ports: 53, 5900
  • C. Operating system: Windows 8.1 Open ports: 445, 3389
  • D. Operating system: Windows 8 Open ports: 514, 3389


Answer : C

Which of the following would be the BEST for performing passive reconnaissance on a target’s external domain?

  • A. Peach
  • B. CeWL
  • C. OpenVAS
  • D. Shodan


Answer : D

Reference:
https://www.securitysift.com/passive-reconnaissance/

A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?

  • A. The client has applied a hot fix without updating the version.
  • B. The threat landscape has significantly changed.
  • C. The client has updated their codebase with new features.
  • D. There are currently no known exploits for this vulnerability.


Answer : A

An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO's login credentials. Which of the following BEST describes this attack?

  • A. Elicitation attack
  • B. Impersonation attack
  • C. Spear phishing attack
  • D. Drive-by download attack


Answer : C

A cloned login portal delivered by email to one specific, high-value target is spear phishing (the SET credential-harvester workflow); elicitation is conversational information gathering, not a cloned site.

A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?

  • A. nmap -p 22 -iL targets
  • B. nmap -p 22 -sL targets
  • C. nmap -p 22 -oG targets
  • D. nmap -p 22 -oA targets


Answer : A
